dasuchin / grunt-ssh-deploy

Grunt SSH Deployment
MIT License

scp2 v0.1.4 is indirectly vulnerable to Regular Expression Denial of Service #62

Open rogerweb opened 6 years ago

rogerweb commented 6 years ago

Hi,

The current version of grunt-ssh-deploy depends on version 0.1.4 of scp2, which is vulnerable to Regular Expression Denial of Service, as per the npm audit output:

High           Regular Expression Denial of Service
Package        minimatch
Patched in     >=3.0.2
Dependency of  grunt-ssh-deploy [dev]
Path           grunt-ssh-deploy > scp2 > glob > minimatch
More info      https://nodesecurity.io/advisories/118

Upgrading scp2 from 0.1.4 to 0.5.0 would fix it.
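An added example, not from the issue or the grunt-ssh-deploy project: walking a package-lock-style dependency tree to list every path that reaches minimatch and flag those whose installed version is below the patched version 3.0.2 named in the audit output. The tree, its version numbers and the helper names (compareVersions, findPaths) are constructed for illustration; only the advisory's path grunt-ssh-deploy > scp2 > glob > minimatch comes from the page.

```javascript
// Constructed tree mirroring the audit path; versions other than scp2 0.1.4
// are made up for the example (the real lockfile would supply them).
const sampleTree = {
  name: 'my-project',
  dependencies: {
    'grunt-ssh-deploy': {
      version: '0.1.0', // constructed
      dependencies: {
        scp2: {
          version: '0.1.4', // version named in the issue
          dependencies: {
            glob: {
              version: '3.2.0', // constructed
              dependencies: { minimatch: { version: '0.2.14' } }, // constructed
            },
          },
        },
      },
    },
    minimatch: { version: '3.0.4' }, // constructed: a patched copy hoisted to top level
  },
};

// Numeric major.minor.patch comparison (assumption: no prerelease tags).
function compareVersions(a, b) {
  const pa = a.split('.').map((n) => parseInt(n, 10) || 0);
  const pb = b.split('.').map((n) => parseInt(n, 10) || 0);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Return every dependency path ending in `pkg`, marking copies whose
// installed version is older than `patchedIn` as vulnerable.
function findPaths(tree, pkg, patchedIn, trail = []) {
  const found = [];
  for (const [name, node] of Object.entries(tree.dependencies || {})) {
    const path = trail.concat(name);
    if (name === pkg) {
      found.push({
        path: path.join(' > '),
        version: node.version,
        vulnerable: compareVersions(node.version, patchedIn) < 0,
      });
    }
    found.push(...findPaths(node, pkg, patchedIn, path));
  }
  return found;
}

console.log(findPaths(sampleTree, 'minimatch', '3.0.2'));
```

The nested copy under scp2 is reported as vulnerable while the hoisted top-level copy is not, which is why the fix has to land in the scp2 subtree (the upgrade the issue proposes) rather than at the project root.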